#!/bin/sh
#date 2022/4/11
#mail it-arch
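#######################################
# Open inbound TCP ports in the running iptables ruleset and persist it.
# Arguments: $@ - TCP ports to allow (default: 21, as in the original)
# Returns:   1 if the service cannot be started, a port is not numeric, or
#            an insert fails; otherwise the status of the save
# NOTE(review): the rule is inserted at position 5 of INPUT, so its effect
# depends on the first four rules already present — check the resulting
# order with `iptables -L INPUT -n --line-numbers`. Port 21 is cleartext
# FTP; exposing it should be a deliberate decision by the caller.
#######################################
firewall() {
  local port
  [ $# -gt 0 ] || set -- 21
  service iptables start || return 1
  for port in "$@"; do
    case $port in
      ''|*[!0-9]*)
        printf 'firewall: invalid port %s\n' "$port" >&2
        return 1 ;;
    esac
    iptables -I INPUT 5 -m state --state NEW -m tcp -p tcp --dport "$port" -j ACCEPT || return 1
  done
  /etc/init.d/iptables save
}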
 
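#######################################
# Put SELinux in permissive mode now and set it to disabled for next boot.
# Globals:   none
# Returns:   status of the config edit
# NOTE(review): this removes the mandatory-access-control layer entirely;
# SELINUX=permissive keeps the audit trail without enforcing and is the
# more defensible choice if enforcing mode is what breaks something.
#######################################
safety() {
  # setenforce exits non-zero e.g. when SELinux is already disabled in the
  # kernel; the config edit below is still wanted, so do not stop here.
  /usr/sbin/setenforce 0 || :
  # On RHEL-family systems /etc/sysconfig/selinux is commonly a symlink to
  # /etc/selinux/config; without --follow-symlinks, sed -i replaces the link
  # with a plain file and the real config stays untouched.
  # "permissive" is matched too — the original pattern silently skipped it.
  sed -i --follow-symlinks 's/^SELINUX=\(enforcing\|permissive\)/SELINUX=disabled/' /etc/sysconfig/selinux
}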
 
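#######################################
# Set the default SysV runlevel in /etc/inittab (pre-systemd hosts only).
# Arguments: $1 - runlevel 0-6 (default: 3, multi-user without X)
#            $2 - inittab path (default: /etc/inittab)
# Returns:   1 on an invalid runlevel, otherwise the sed status
# NOTE(review): this function shadows the /sbin/runlevel binary for the rest
# of the script; use `command runlevel` if the real tool is ever needed.
#######################################
runlevel() {
  local level=${1:-3}
  local inittab=${2:-/etc/inittab}
  case $level in
    [0-6]) ;;
    *)
      printf 'runlevel: invalid runlevel %s\n' "$level" >&2
      return 1 ;;
  esac
  sed -i "s/^id:[0-9]:initdefault:/id:${level}:initdefault:/" "$inittab"
}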
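#######################################
# Trim the runlevel-3 service set: disable every SysV service currently
# "3:on", then re-enable only the allow-list.
# Arguments: $@ - services to keep enabled at level 3
#                 (default: crond iptables network sshd rsyslog)
# Returns:   status of the last chkconfig call
# NOTE(review): anything absent from the allow-list stops starting at boot;
# keep remote access (sshd) and the firewall on it.
#######################################
systrv() {
  local svc
  [ $# -gt 0 ] || set -- crond iptables network sshd rsyslog
  # Same selection as the original `grep 3:on | awk '{print $1}'`, in one awk.
  chkconfig --list | awk '/3:on/ {print $1}' | while IFS= read -r svc; do
    chkconfig --level 3 "$svc" off
  done
  for svc in "$@"; do
    chkconfig --level 3 "$svc" on
  done
}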
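#######################################
# Create the admin login account (if missing) and set its password.
# Arguments: $1 - user name (default: zkyw)
#            $2 - password; if omitted, taken from $ZKYW_PASSWORD, and only
#                 as a last resort from the literal the original script used
# Returns:   1 if useradd fails, otherwise the passwd status
# NOTE(review): a credential embedded in a provisioning script is a secret
# leak waiting to happen (repo history, backups, `set -x` traces). Supply it
# via ZKYW_PASSWORD or $2 and delete the fallback literal once every caller
# does. This function also shadows /usr/sbin/adduser for the rest of the
# script.
#######################################
adduser() {
  local user=${1:-zkyw}
  local pass=${2:-${ZKYW_PASSWORD:-zkyw@123}}
  # Re-runs only reset the password instead of failing on an existing user.
  if ! id "$user" >/dev/null 2>&1; then
    /usr/sbin/useradd "$user" || return 1
  fi
  # --stdin keeps the password off the command line (RHEL-family passwd).
  printf '%s\n' "$pass" | passwd "$user" --stdin
}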
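#######################################
# Harden sshd: non-default port, no root or empty-password logins, fewer
# auth attempts, and logins restricted to the admin account.
# Globals:   none
# Returns:   1 if the edited config fails `sshd -t`, otherwise the reload
#            status
# NOTE(review): lock-out hazards — "AllowUsers zkyw" requires that account
# to exist (adduser is commented out in the run section), and the new port
# must be allowed through iptables (firewall() only opens 21) before reload.
#######################################
myssh() {
  local cf=/etc/ssh/sshd_config
  sed -i 's/^#Port 22/Port 16182/' "$cf"  # alter ssh default port to 16182
  # The original matched only an active "PermitRootLogin yes" line; the
  # stock config ships that directive commented out, so the restriction
  # never applied. `#\?` covers both the commented default and a set value.
  sed -i 's/^#\?PermitRootLogin .*/PermitRootLogin no/' "$cf"
  sed -i 's/^#\?PermitEmptyPasswords .*/PermitEmptyPasswords no/' "$cf"
  sed -i 's/^#\?MaxAuthTries .*/MaxAuthTries 3/' "$cf"
  # Append once only, so re-running the script does not duplicate the line.
  grep -q '^AllowUsers zkyw' "$cf" || sed -i '$aAllowUsers zkyw' "$cf"  # allow common user zkyw ssh login
  # Never reload on a broken config: the running daemon would keep the old
  # one, but sshd would refuse to start on the next boot.
  /usr/sbin/sshd -t -f "$cf" || return 1
  /etc/init.d/sshd reload
}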
 
 
### clock synchronisation with an internet time source ###
 
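#######################################
# Sync the clock once now and schedule a nightly sync in root's crontab.
# Arguments: $1 - NTP server (default: 202.120.2.101, as in the original)
# Returns:   status of the crond reload
# NOTE(review): ntpdate is a one-shot step; a time daemon (ntpd/chrony)
# would also correct drift between runs. The entry is written straight into
# /var/spool/cron/root rather than via `crontab`, as the original did.
#######################################
ntpclock() {
  local server=${1:-202.120.2.101}
  local cron=/var/spool/cron/root
  local entry="30 22 * * * /usr/sbin/ntpdate $server"
  # The original called ntpdate with no server, which only prints its usage;
  # sync against the same server the cron line uses.
  /usr/sbin/ntpdate "$server"
  # Append once only, so re-runs do not pile up duplicate jobs.
  grep -qxF -- "$entry" "$cron" 2>/dev/null || printf '%s\n' "$entry" >> "$cron"
  /etc/init.d/crond reload
}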
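#######################################
# Make core account and init files immutable (chattr +i) so that even root
# must explicitly unlock them before editing.
# Arguments: $@ - file names under /etc
#                 (default: passwd group shadow gshadow inittab)
# Returns:   1 if any chattr call fails (every file is still visited)
# NOTE(review): while these are immutable, useradd/userdel/passwd — and so
# adduser() and cleanusers() in this script — fail; run those first and
# `chattr -i` before any later account change. If a `lockfile` command
# (procmail) is installed, this function shadows it for the rest of the
# script.
#######################################
lockfile() {
  local f rc=0
  [ $# -gt 0 ] || set -- passwd group shadow gshadow inittab
  for f in "$@"; do
    chattr +i "/etc/$f" || rc=1
  done
  return "$rc"
}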
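#######################################
# Append LINE to FILE unless FILE already contains it verbatim; a missing
# trailing newline in FILE is repaired first so the new line is not glued on.
# Arguments: $1 - file path, $2 - line text
#######################################
_append_once() {
  local file=$1 line=$2
  grep -qxF -- "$line" "$file" 2>/dev/null && return 0
  [ ! -s "$file" ] || [ -z "$(tail -c1 "$file")" ] || printf '\n' >> "$file"
  printf '%s\n' "$line" >> "$file"
}

#######################################
# Raise open-file and process limits for PAM sessions.
# Arguments: $1 - limits.conf path (default: /etc/security/limits.conf)
#            $2 - nproc override file
#                 (default: /etc/security/limits.d/90-nproc.conf)
# Returns:   status of the last append
# Idempotent: re-running neither duplicates the entries nor comments them
# out (the original prefixed every line with "#" unconditionally, so a
# second run produced "##" lines and disabled its own nproc entries).
#######################################
userlimit() {
  local limits=${1:-/etc/security/limits.conf}
  local nproc=${2:-/etc/security/limits.d/90-nproc.conf}
  local line
  for line in '*  soft    nofile  65536' '*  hard    nofile  65536'; do
    _append_once "$limits" "$line"
  done
  # Comment out the distro defaults so the entries appended below win;
  # already-commented lines, blank lines and our own entries are skipped.
  if [ -f "$nproc" ]; then
    sed -i -e '/^\*     soft    nproc   51200$/b' \
           -e '/^root     soft    nproc   unlimited$/b' \
           -e 's/^[^#]/#&/' "$nproc"
  fi
  for line in '*     soft    nproc   51200' 'root     soft    nproc   unlimited'; do
    _append_once "$nproc" "$line"
  done
}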
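#######################################
# Append the tuned network/conntrack sysctl values and apply them.
# Globals:   none
# Returns:   status of `sysctl -p` (its output is discarded, as before)
# NOTE(review): net.ipv4.tcp_tw_recycle breaks clients behind NAT and was
# removed from Linux in 4.12 — newer kernels reject it, silently because of
# the redirect below. The net.netfilter.* keys only exist once nf_conntrack
# is loaded; `modprobe bridge` is kept from the original but does not
# obviously load it — verify on the target.
#######################################
syskernel() {
  local conf=/etc/sysctl.conf
  # Keep the first backup; the original overwrote it on every run.
  [ -e "$conf.eri" ] || cp "$conf" "$conf.eri"
  modprobe bridge
  # Append the block once only; the last key acts as the marker.
  if ! grep -q '^net.netfilter.nf_conntrack_tcp_timeout_fin_wait' "$conf"; then
    cat << 'EOF' >> "$conf"
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384

net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
  fi
  /sbin/sysctl -p >/dev/null 2>&1
}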
#######################################
# Remove legacy system accounts and groups that have no role on this host.
# Globals:   none
# Returns:   status of the last groupdel; each removal is best-effort (a
#            missing account only prints an error and the loop goes on)
# NOTE(review): the list includes "ftp" while firewall() opens port 21 —
# if an FTP daemon is meant to run here, check whether it depends on that
# account before deleting it.
#######################################
cleanusers() {
  local name
  for name in adm lp sync shutdown halt uucp operator games gopher ftp; do
    /usr/sbin/userdel "$name"
  done
  for name in adm lp dip; do
    /usr/sbin/groupdel "$name"
  done
}
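#######################################
# Comment out two fixed lines of sshd_config and turn off reverse DNS
# lookups.
# Arguments: $1 - sshd_config path (default: /etc/ssh/sshd_config)
# Returns:   status of the last sed
# NOTE(review): lines 74 and 76 are addressed by number, not by keyword, so
# the edit hits whatever sits there in this particular config version —
# inspect them (`sed -n '74p;76p' /etc/ssh/sshd_config`) before using this
# on another release, and prefer keyword matching as the UseDNS edit does.
#######################################
initssh() {
  local ssh_cf=${1:-/etc/ssh/sshd_config}
  # One -i is enough; the original repeated it between the two expressions.
  sed -i -e '74 s/^/#/' -e '76 s/^/#/' "$ssh_cf"
  # Port change kept disabled, as the author left it:
  #sed -i "s/#Port 22/Port 65535/" "$ssh_cf"
  sed -i 's/#UseDNS yes/UseDNS no/' "$ssh_cf"
}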
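#######################################
# Turn the IPv6 module off via modprobe aliases and stop ip6tables at boot.
# Globals:   none
# Returns:   status of chkconfig
# NOTE(review): /etc/modprobe.conf is the legacy location; newer module
# loaders may consult only /etc/modprobe.d/*.conf — confirm which file the
# target honours, otherwise these aliases have no effect.
#######################################
disipv6() {
  local conf=/etc/modprobe.conf line
  for line in 'alias net-pf-10 off' 'alias ipv6 off'; do
    # Append once only, so re-runs do not duplicate the aliases.
    grep -qxF -- "$line" "$conf" 2>/dev/null || printf '%s\n' "$line" >> "$conf"
  done
  /sbin/chkconfig --level 35 ip6tables off
}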
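#######################################
# Disable the Ctrl-Alt-Delete reboot action in the upstart job file.
# Arguments: $1 - job file (default: /etc/init/control-alt-delete.conf)
# Returns:   sed status (non-zero if the file does not exist)
# Idempotent: the pattern is anchored to the line start, so an already
# commented line is not prefixed again (the original matched the substring
# and produced "##exec" on a second run).
#######################################
alt_del() {
  local job=${1:-/etc/init/control-alt-delete.conf}
  sed -i 's|^exec /sbin/shutdown -r now "Control-Alt-Delete pressed"|#&|' "$job"
}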
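#######################################
# Persist a raised soft+hard open-file limit by appending it to rc.local.
# Arguments: $1 - rc.local path (default: /etc/rc.local)
# Returns:   0 unless the append fails
# NOTE(review): this function shadows the shell builtin `ulimit` for the
# rest of the script — any later `ulimit -n ...` call runs this instead;
# use `builtin ulimit` if the real one is needed. The original appended on
# every run; this appends once only.
#######################################
ulimit() {
  local rc=${1:-/etc/rc.local}
  local line='ulimit -SHn 102400'
  grep -qxF -- "$line" "$rc" 2>/dev/null || printf '%s\n' "$line" >> "$rc"
}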

echo "Iptables Optimization Starting..."
firewall
echo "Selinux Disabled Starting..."
safety
echo "Runlevel Optimization Starting..."
runlevel
echo "System Init Service Optimization Starting..."
systrv
echo "Add zkyw Common Account Starting..."
#adduser
#echo "SSH Service Optimization Starting..."
#myssh
#echo "Clock Synchronous Optimization Starting..."
ntpclock
echo "Max nofile and user processes Optimization Starting..."
userlimit
echo "System Kernel Parameters Optimization Starting..."
syskernel
